Users of the Internet may be vulnerable to attackers attempting to steal their identities and other confidential data. Such sought-after information includes names and addresses, user IDs and passwords, social security numbers, credit card information, and so on.
A phishing attack is a common tactic for obtaining confidential user information. Phishing involves the use of a web page that looks genuine but that actually belongs to the attacker. For example, an unsuspecting user may receive an email message indicating that the user has a billing problem. The email message instructs the user to follow a particular link that offers assistance. The link takes the user to a false web page that looks legitimate and that deceptively prompts the user to enter the confidential information.
A man-in-the-middle (or MITM) attack is another common tactic for obtaining confidential user information. Such an attack may even be able to defeat certain conventional encryption schemes. For example, suppose that a user intends to send confidential information to a particular destination (e.g., sign on to a particular web site) using an untrained (i.e., ordinary) browser which nevertheless employs traditional Transport Layer Security (TLS) or Secure Sockets Layer (SSL) technology. When the browser inadvertently navigates to a phony web site rather than the legitimate web site, the phony web site offers its own public key and establishes a secure connection with the user's browser using TLS/SSL (e.g., the man-in-the-middle site decrypts messages from the user using its own private key). Concurrently, the man-in-the-middle site uses the same TLS/SSL scheme to establish a secure connection with the legitimate web site by obtaining the legitimate web site's public key for secure communications with the legitimate web site. Furthermore, the man-in-the-middle site may carry out a similar TLS/SSL exchange in the opposite direction (i.e., upstream) and thus operate as a man-in-the-middle for communications from the legitimate web site back to the user's browser. At this point, the man-in-the-middle site is conveniently poised to intercept confidential information that the user exchanges with the user's intended destination.
One conventional approach to avoiding such attacks involves the user authenticating a site based on viewing a pre-chosen visual image from that site prior to exchanging confidential information with that site. That is, in advance, the user has decided on a particular visual image among multiple visual images that the legitimate site is capable of providing to its users. Then, each time the user goes to the legitimate site and prior to completing the sign-on process, the legitimate site provides the same pre-chosen visual image to the user to let the user know that it is the legitimate site. Since phishing and man-in-the-middle sites are not privy to the user's pre-chosen visual image, the user will easily know whether the site is genuine depending on whether the site is able to provide the pre-chosen visual image. Furthermore, with the pre-chosen visual image being static (i.e., non-changing) over time, the user is able to grow accustomed to authenticating the legitimate site by viewing that same pre-chosen visual image each time the user goes to the legitimate site.
Once the user confirms that a site is legitimate by viewing the pre-chosen static visual image, the user is able to complete the sign-on process. Moreover, for additional security, some sign-on processes involve the use of one-time passwords (OTPs). One type of OTP expires after a certain amount of time. For example, the user may possess an authentication token which outputs a new OTP every minute for signing on at the legitimate site. Accordingly, even if an unauthorized person were to obtain an OTP from the user, the OTP would become invalid (i.e., unusable) at the legitimate site after a short period of time.
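As an added illustration of the expiring OTP described above (this is example code written for this page, not the patent's own method), the following assumes an RFC 6238-style time-based token with a 60-second step, which the text does not specify; the shared secret and timestamps are constructed. The server side accepts a code only for the current step (plus one earlier step for clock skew) and refuses a code that has already been consumed, so a captured OTP is rejected both on replay and once its window has passed.

```python
import hmac
import hashlib
import struct

STEP_SECONDS = 60  # assumption: the token emits a new OTP every minute


def totp(secret: bytes, unix_time: int, step: int = STEP_SECONDS, digits: int = 6) -> str:
    """Time-based OTP for the time step containing unix_time (RFC 6238 dynamic truncation)."""
    counter = unix_time // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class OtpVerifier:
    """Server-side check: a code is valid only within the current step (or `skew` earlier
    steps) and only once; replayed or expired codes are rejected."""

    def __init__(self, secret: bytes, step: int = STEP_SECONDS, skew: int = 1) -> None:
        self.secret = secret
        self.step = step
        self.skew = skew
        self.used_counters: set[int] = set()  # steps whose OTP has already been consumed

    def verify(self, code: str, now: int) -> bool:
        current = now // self.step
        for back in range(self.skew + 1):
            counter = current - back
            if counter in self.used_counters:
                continue  # replay of an already-consumed step is refused
            expected = totp(self.secret, counter * self.step, self.step)
            if hmac.compare_digest(expected, code):
                self.used_counters.add(counter)
                return True
        return False  # wrong code, or the window it belonged to has expired


# Constructed secret and timestamps for a stand-alone run.
DEMO_SECRET = b"12345678901234567890"
T0 = 999_960  # start of a time step (999_960 // 60 == 16666)


def demo() -> dict:
    verifier = OtpVerifier(DEMO_SECRET)
    code = totp(DEMO_SECRET, T0)
    return {
        "fresh": verifier.verify(code, T0 + 30),       # within its own minute: accepted
        "replay": verifier.verify(code, T0 + 45),      # same code again: refused
        "expired": verifier.verify(code, T0 + 180),    # three steps later: refused
    }
```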